Tag Archives: how to configure forticlient 5.4.1

Appendix D – FortiClient Log Messages

Appendix D – FortiClient Log Messages

Client Feature ID Level Format Description
AntiVirus 0x00017913 Warning Found malware by [AntiVirus scan|AntiVirus realtime protection] in [filesystem|email] This message is logged when a malware is found.
AntiVirus 0x00017914 Warning Found suspicious by [AntiVirus scan|AntiVirus realtime protection] in [filesystem|disk|email] This message is logged when a suspicious is found.
AntiVirus 0x00017915 Info User enabled Realtime AntiVirus protection Logged when someone enables Realtime AntiVirus.
AntiVirus 0x00017916 Warning User disabled Realtime AntiVirus protection Logged when someone disables Realtime AntiVirus.
AntiVirus 0x00017917 Info Communication error  
AntiVirus 0x00017918 Warning AntiVirus realtime protection killed malware process : [process name] A malware process killed a malware process.
AntiVirus 0x0001791d Info av_task scan is started This message is logged if AV scanning is started.
AntiVirus 0x0001791e Info av_task scan is stopped This message is logged if AV scanning is stopped.
AntiVirus 0x00017919 Info av_task scan thread is suspended This message is logged if AV scanning is paused.
AntiVirus 0x0001791a Info av_task scan thread is resumed This message when AV scanning is resumed.
AntiVirus 0x0001791b Warning av_task killed suspicious process : <filename or process name> <filename or process name> is a suspicious process and has been terminated.
AntiVirus 0x0001791c Info Cannot start scan task  

 

Client Feature ID Level Format Description
AntiVirus 0x0001791f Error Scheduled scan failed: Path to file/folder no longer exists. Path not found.
AntiVirus 0x00017920 Warning AntiVirus scan was stopped by a user before it finished. The user specified stopped an AntiVirus scan
AntiVirus 0x00017921 Warning Failed to connect to FortiSandbox server. The sandbox server is unavialable
Webfilter 0x000178f4 Info User enabled Webfilter Logged when someone enables webfiltering.
Webfilter 0x000178f5 Warning User disabled Webfilter Logged when someone disables webfiltering.
Webfilter 0x000178f6 Warning user’s access to the url [action and reason] the action to the user’s access
Webfilter 0x000178f7 Info user’s access to the url [action and reason] the action to the user’s access
Webfilter 0x000178f8 Warning The Webfilter Violation report was cleared [user name] Logged when someone clears the webfilter violation report.
Webfilter 0x000178f9 Warning Unable to create proxy/webfilter communication socket. FortiClient will not be able to determine the FortiGuard rating of URLs.
Webfilter 0x000178fa Warning Unable to retrieve the webfilter UDP port number. FortiClient will not be able to determine the FortiGuard rating of URLs.
Webfilter 0x000178fb Warning status=warn [logged on user] temporarily disabled blocking of category [category id] ([category name]) to access [url] The user [logged on user] proceeded to the url [url] after acknowledging a warning message.
Application FireWall 0x00017980 Warning Firewall action  
Application FireWall 0x00017981 Info Firewall action
Application FireWall 0x00017982 Info User enabled Firewall User enabled Firewall

 

Client Feature ID Level Format Description
Application FireWall 0x00017983 Warning User disabled Firewall User disabled Firewall
Application FireWall 0x00017984 Warning The Application Firewall report was cleared Logged when someone clears the application firewall report.
Application FireWall 0x00017985 Warning The application firewall has been disabled because it’s driver could not be loaded Logged when application firewall driver could not be loaded with error 127 (The specified procedure could not be found).
IKE VPN 0x00017930 Info VPN tunnel status VPN tunnel status
IKE VPN 0x00017940 Info IKE phase1 authentication fail as peer’s certificate is not verified. IKE phase1 authentication fail as peer’s certificate is not verified.
IKE VPN 0x00017941 Info IKE phase1 authentication fail as the preshare key mismatch. IKE phase1 authentication fail as the preshare key mismatch.
IKE VPN 0x00017931 Warning No response from the peer  
IKE VPN 0x00017932 Warning No response from the peer
IKE VPN 0x00017933 Warning Received delete payload from peer check xauth password. Received delete payload from peer check xauth password.
IKE VPN 0x00017934 Error Failed to acquire an IP address. Failed to acquire an IP address for the virtual adapter.
IKE VPN 0x00017935 Error ike error  
IKE VPN 0x00017936 Info negotiation information
IKE VPN 0x00017937 Error negotiation error
IKE VPN 0x00017938 Error replayed packet detected (packet dropped)

 

Client Feature ID Level Format Description
IKE VPN 0x00017939 Info VPN user accept the banner and continue with the tunnel setup The VPN user accept the banner warning
IKE VPN 0x0001793a Info VPN user choose disconnect the tunnel or no response The VPN user reject the banner warning and disconnect the tunnel
IKE VPN 0x0001793b Info locip=<ip address> locport=<port number> remip=<ip address> remport=<port number> outif=<interface> vpntunnel=<tunnel name> action=install_sa  
IKE VPN 0x0001793c Info VPN before logon was enabled Logged when someone enables VPN before logon.
IKE VPN 0x0001793d Info VPN before logon was disabled Logged when someone disables VPN before logon.
IKE VPN 0x0001793e Error VPN cannot connect because an authorization rule failed. Logged when a VPN authorization rule failed.
IKE VPN 0x0001793f Warning A required application is not running. VPN cannot connect because the specified application is not running.
SSL VPN 0x00017958 Info SSLVPN tunnel status SSLVPN tunnel status
Wan Acceleration 0x00017a71 Info User enabled WAN Acceleration User enabled WAN Accel-

eration

Wan Acceleration 0x00017a70 Info User disabled WAN Acceleration User disabled WAN Acceleration
Wan Acceleration 0x0000b000 Error Network registry keys are missing When enumerating the network interface subkeys
Wan Acceleration 0x0000b001 Error Network adapter is missing a description When enumerating the network interfaces
Wan Acceleration 0x0000b002 Error Error opening redirector device Wan acceleration will not function.
Wan Acceleration 0x0000b003 Info WAN Acceleration was enabled by [user name] Logged when someone enables WAN Acceleration.

 

Client Feature ID Level Format Description
Wan Acceleration 0x0000b004 Info WAN Acceleration was disabled by [user name] Logged when someone disables WAN Acceleration.
Vulnerability

Scan

0x00017908 Info The vulnerability scan status has changed A vulnerability scan status change
Vulnerability

Scan

0x00017909 Info A vulnerability scan result has been logged A Vulnerability scan result log
Vulnerability

Scan

0x0001790a Info Remediating vulnerability The details of the vulnerability being remediated is described by the log fields
EndPoint Con-

trol

0x00017ab6 Info upload logs  
EndPoint Con-

trol

0x00017ab7 Info Endpoint control policy synchronization was enabled Logged when someone

enables Endpoint control policy synchronization.

EndPoint Con-

trol

0x00017ab8 Warning Endpoint control policy synchronization was disabled Logged when someone disables Endpoint control policy synchronization.
EndPoint Con-

trol

0x00017ab9 Info Endpoint Control Status changed to [status] Endpoint Control Status Changed
EndPoint Con-

trol

0x00017aba Warning OffNet configuration version [version] doesn’t match FortiGate configuration version [version] OffNet configuration version doesn’t match FortiGate configuration version
EndPoint Con-

trol

0x00017abb Info Endpoint Control Registration

Status changed to [status] with

FGT [serial]

 
EndPoint Con-

trol

0x00017abc Info Endpoint Quarantine Status changed to [status] Endpoint Quarantine Status Changed
Update 0x00017a2a Info Customer initiated a software update request. Logged when a user presses the gui’s update button.
Update 0x00017a37 Info Checking for updates. Checking for updates.
Update 0x00017a2c Info Update allowed only if you have a valid license Update allowed only if you have a valid license

 

Client Feature ID Level Format Description
Update 0x00017a38 Info Software update started. Software update started.
Update 0x00017a2d Info Software updates are disabled. Software updates from FortiGuard have been disabled.
Update 0x00017a2e Info Software updates from FortiGuard have been disabled because this client is managed. Software updates from FortiGuard have been disabled.
Update 0x00017a2f Info Software updates require administrative privileges. The user does not have sufficient privileges to perform software updates.
Update 0x00017a30 Info Software update successful. Software update successful.
Update 0x00017a31 Info Software update failed. Software update failed.
Update 0x00017a32 Info Unable to perform software update. Registry does not contain image id to download. The image id that is expected to be in the registry is missing.
Update 0x00017a33 Info Update <module description> successful  
Update 0x0001798a Info Update success Update was successful.
Update 0x00017a34 Error Unable to load AV engine Failed to load the av engine
Update 0x00017a35 Error Error patching AV signature. Error patching AV signature.
Update 0x00017a36 Error Unable to load FASLE engine Unable to load FASLE engine
Update 0x00017a39 Info Update successful  
Scheduler 0x00017a20 Info Forcefully kill a child process after grace period expires A scheduler owned child process failed to stop when instructed to do so

 

Client Feature ID Level Format Description
Scheduler 0x00017a21 Error The scheduler cannot start the scheduled task because the task’s license is expired. The scheduler cannot start the scheduled task because the task’s license is expired.
Scheduler 0x00017a68 Info FortiClient is starting up FortiClient is starting up
Scheduler 0x00017a69 Info %s is shutting down FortiClient is shutting down
FortiProxy 0x00017a49 Info Fortiproxy is enabled Fortiproxy is enabled
FortiProxy 0x00017a48 Warning Fortiproxy is disabled Fortiproxy is disabled
FortiShield 0x00017a53 Info FortiShield is enabled FortiShield is enabled
FortiShield 0x00017a52 Warning FortiShield is disabled FortiShield is disabled
FortiShield 0x00017a54 Info The console was locked The console password was locked.
FortiShield 0x00017a55 Warning The console was unlocked The console password was unlocked.
FortiShield 0x00017a56 Warning The console password was removed The console password was removed.
FortiShield 0x00017a57 Warning FortiShield blocked application: [application path] from modifying: [file or registry path] FortiShield has prevented an application from modifying a file or registry setting protected by FortiClient.
Application

Database

0x0000d001 Error <context> <file reference> db error – creating new database. A critical error occurred. The application database will not work. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.

 

Client Feature ID Level Format Description
Application

Database

0x0000d003 Error <context> <file reference> db error – BIND command. A critical error occurred. The application database will not work. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d004 Error <context> <file reference> db error – opening database. A critical error occurred. The application database is not present. An attempt to automatically regenerate it will occur. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d005 Error <context> <file reference> db error – preparing sql statement. The sql statement used is invalid. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d006 Error <context> <file reference> db error – unable to find fingerprint. The fingerprint does not exist in the database. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d007 Error <context> <file reference> db error – invalid md5. The parameter supplied is not an MD5. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.

 

Client Feature ID Level Format Description
Application

Database

0x0000d008 Error <context> <file reference> db error – row not found. The requested row does not exist. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d00a Error <context> <file reference> Can’t open file. The file cannot be opened. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d00b Error <context> <file reference>

Unable to extract vendor id.

The files is not digitally signed
Application

Database

0x0000d00e Error <context> <file reference> Can’t access file because of sharing violation. Can’t access file because of sharing violation. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d00f Error <context> <file reference> Can’t open driver. Can’t open the apd driver. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d010 Error <context> <file reference> Can’t start driver. Can’t start the apd driver. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d011 Error <context> <file reference> Driver io error. APD driver io error. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.

 

Client Feature ID Level Format Description
Application

Database

0x0000d016 Error <context> <file reference> Server-side pipe error. A communication error occurred. It is probably temporary. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d017 Error <context> <file reference> Pipe server initialization error. A communication initialization error occurred. It is probably temporary. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d018 Error <context> <file reference> Pipe server creation error. A communication initialization error occurred. It is probably temporary. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d019 Error <context> <file reference>

Unable to bypass fortishield.

Failed to bypass self-protection. The daemon might not function normally after this. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d01a Error <context> <file reference> Invalid arguments. Invalid command line options supplied. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.

 

Client Feature ID Level Format Description
Application

Database

0x0000d01c Error <context> <file reference> Unable to allocate memory for vendor id cache. Low memory. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d01d Error <context> <file reference>

Vendor id cache not initialized.

This is probably temporary. An attempt will be made later to read/write to the cache. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d01e Error <context> <file reference>

Unable to open vendor id cache shared memory.

Application detection will not be functioning normally. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d01f Error <context> <file reference>

Unable to open mutex to access vendor id shared memory.

Application detection will not be functioning normally. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Config

Import/Export

0x00017a5c Info A configuration file is exported to [location] Logged when someone exports a config file.
Config

Import/Export

0x00017a5d Info A configuration file is imported from [location] Logged when someone imports a config file.
Config

Import/Export

0x00017a72 Info Policy ‘[name]’ was received and applied Logged when push configuration is received.
Single SignOn Mobility

Agent

0x00017ad4 Info Single Sign-On event Single Sign-On event.

 

Client Feature ID Level Format Description
Single SignOn Mobility

Agent

0x00017ad5 Info Single Sign-On Mobility Agent was enabled Logged when someone enables Single Sign-On Mobility Agent.
Single SignOn Mobility

Agent

0x00017ad6 Warning Single Sign-On Mobility Agent was disabled Logged when someone disables Single Sign-On Mobility Agent.
Single SignOn Mobility

Agent

0x00017ad7 Info Single Sign-On Mobility Agent is starting…  
Single SignOn Mobility

Agent

0x00017ad8 Info Single Sign-On Mobility Agent is stopping…
UI 0x00017a66 Warning Logs were cleared Logged when logs are cleared.
UI 0x00017a67 Info Alerts were cleared Logged when alerts are cleared by a user.

Appendix C – Rebrand FortiClient

Appendix C – Rebrand FortiClient

The FortiClient Configurator can be used to create custom FortiClient MSI installers with various combinations. The customized MSI installer generated may be used to install FortiClient on all supported platforms using Active Directory. A FortiClient setup executable file is also generated for manual distribution.

Under Options, you can select to enable software updates, configure the single sign-on mobility agent, and rebrand FortiClient. Rebranding allows you to edit various UI elements including graphics.

When replacing files in the resource folder, the replacement file should be the same file type and dimensions. Icons (.ico) are a special case. The Main_icon.ico file for example, is a composite file of multiple icons. The operating system picks the appropriate icon size from this file for the context in which the icon is being displayed.

Rebranding elements:

Installer Product Name Where Used: Setup Wizard header and body, File directory name in Installer Company Name file folder, engine/signature update bubble messages.

Default Value: FortiClient

Installer Company Name Where Used: File directory name in Program Files. Default Value: Fortinet

 

Manufacturer Name Where Used: Default Value: Fortinet Inc
Shortcut Text Where Used: Name of shortcut on desktop

Default Value: FortiClient

Product Name Where Used: Name of installer file (.msi/.mst), UI header, configuration received from FortiGate bubble messages, Default Value: FortiClient
Product Name Text Where Used: Name of client in main page

Default Value: FortiClient

Company Where Used: Help > About > Copyright page

Default Value: Fortinet

Company WebSite URL Where Used: Help > About > Copyright page

Default Value: http://www.fortinet.com

Company Website Text Where Used: Help > About > Copyright page

Default Value: www.fortinet.com

Feedback Email Where Used: Help > About > Copyright page, Send Feedback

Default Value: forticlient-feedback@fortinet.com

Feedback Email Text Where Used: Help > About > Copyright page, Send Feedback

Default Value: forticlient-feedback@fortinet.com

EULA Where Used: Help > About > Copyright page, Click here to view the license agreement

Default Value: http://www.fortinet.com/doc/legal/EULA.pdf

Knowledge Base Text Where Used: Help menu option

Default Value: Fortinet Knowledge Base

Leave this field blank to omit the field in the console.

Knowledge Base Link Where used: Link used by Knowledge Base text

Default value: http://kb.fortinet.com

Leave this field blank to omit the field in the console.

Advertisement 1 Where used: Link used by dashboard banner advertisement 1

Default value: http://www.forticlient.com/video/001

Advertisement 2 Where used: Link used by dashboard banner advertisement 2

Default value: http://www.forticlient.com/video/002

Advertisement 3 Where used: Link used by dashboard banner advertisement 3

Default value: http://www.forticlient.com/video/003

Resources folder elements:

Appendix C – Rebrand FortiClient

About_red_shield_logo.png Where Used:

File Type: PNG File (.png)

Width: 43 pixels

Height: 43 pixels

Bit Depth: 32

Advertisement_ad_0.png Where Used: Dashboard advertisement banner

File Type: PNG File (.png)

Width: 628 pixels

Height: 66 pixels

Bit Depth: 32

Advertisement_ad_1.png Where Used: Dashboard advertisement banner

File Type: PNG File (.png)

Width: 628 pixels

Height: 66 pixels

BitBit Depth: 32

Advertisement_ad_2.png Where Used: Dashboard advertisement banner

File Type: PNG File (.png)

Width: 628 pixels

Height: 66 pixels

Bit Depth: 32

Antivirus_AV_scan_top_banner_left_hand_ side.png Where Used:

File Type: BMP File (.bmp)

Width: 1 pixel

Height: 40 pixels

Bit Depth: 8

Antivirus_AV_scan_top_banner_right_hand_ side.png Where Used: Banner used in right-click “scan with

product name” dialog box File Type: BMP File (.bmp)

Width: 440 pixels

Height: 40 pixels

Bit Depth: 8

Common_fgt-not-found-page-bg.png Where Used: FortiGate not found page

File Type: PNG File (.png)

Width: 673 pixels

Height: 189 pixels

Bit Depth: 32

Common_fortinet-icon.png Where Used:

File Type: PNG File (.png)

Width: 79 pixels

Height: 79 pixels

Bit Depth: 32

 

Common_registration_icon.png Where Used: FortiGate detected page

File Type: PNG File (.png)

Width: 85 pixels

Height: 85 pixels

Bit Depth: 32

Common_searching-page-bg.png Where Used: Searching for FortiGate page

File Type: PNG File (.png)

Width: 673 pixels

Height: 189 pixels

Bit Depth: 32

Dashboard_forticlient_v5_dashboard_bg.png Where Used: Client console

File Type: PNG File (.png)

Width: 628 pixels

Height: 451 pixels

Bit Depth: 32

Dashboard_warning-shield.png Where Used: Dashboard warning shield, displayed when antivirus is disabled. File Type: PNG File (.png)

Width: 59 pixels

Height: 75 pixels

Bit Depth: 32

Installer_background.bmp Where used: Setup Wizard background image.

File Type: BMP file (.bmp)

Width: 491 pixels

Height: 312 pixels

Bit Depth: 8

Installer_banner.bmp Where Used: Setup Wizard banner image on destination page, ready to install page, installing pages.

File Type: BMP file (.bmp)

Width: 491 pixels

Height: 58 pixels

Bit Depth: 8

LightInstaller_icon.ico Where Used: Light Installer Icon

File Type: ICO File (.ico)

Width: 32 pixels

Height: 32 pixels

Bit Depth: 32

Main_icon.ico Where Used: Shortcut on desktop

File Type: ICO file (.ico)

Width: 48 pixels

Height: 48 pixels

Bit Depth: 32

Appendix C – Rebrand FortiClient

Main_logo_black.ico Where Used: Client console header

File Type: ICO file (.ico)

Width: 32 pixels

Height: 32 pixels

Bit Depth: 32

setup.ico Where Used: Setup icon

File Type: ICO File (.ico)

Width: 256 pixels

Height: 256 pixels

Bit Depth: 32

Tray_Icons_alert.ico Where Used: System tray alert icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_alert_vpn.ico Where Used: System tray VPN alert icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_running.ico Where Used: System tray running icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_scan1.ico, Tray_Icons_scan2.ico,

Tray_Icons_scan3.ico, Tray_Icons_scan4.ico,

Tray_Icons_scan5.ico, Tray_Icons_scan6.ico,

Tray_Icons_scan7.ico, Tray_Icons_scan8.ico,

Tray_Icons_scan9.ico, Tray_Icons_scan10.ico

Tray_Icons_scan11.ico

Where Used: System tray, these eleven images animate the scanning activity of the tray icon.

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_vpn.ico Where Used: System tray VPN icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

VPN_xauth-dialog-logo.png Where Used: VPN xAuth dialog logo

File Type: PNG File (.png)

Width: 88 pixels

Height: 100 pixels

Bit Depth: 32

zzz_rebranding.ini Where Used: This file is used by the FortiClient Configurator tool for element/resource mapping. File Type: Configuration settings (.ini)

When rebranding FortiClient, you can select to digitally sign the installer package using a code signing certificate.

 

Custom FortiClient Installations

Custom FortiClient Installations

The FortiClient Configurator tool is the recommended method of creating customized FortiClient installation files.

You can also customize which modules are displayed in the FortiClient dashboard in the FortiClient profile. This will allow you to activate any of the modules at a later date without needing to re-install FortiClient. Any changes made to the FortiClient profile are pushed to connected clients.

When creating VPN only installation files, you cannot enable other modules in the FortiClient profile as only the VPN module is installed.

When deploying a custom FortiClient XML configuration, use the advanced profile options in FortiClient EMS to ensure the profile settings do not overwrite your custom XML settings. For more information, see the FortiClient XML Reference and the FortiClient EMS Administration Guide.

The FortiClient Configurator tool is included with the FortiClient Tools file in FortiClient 5.4.1. This file is only available on the Customer Service & Support portal and is located in the same file directory as the FortiClient images.

The Configurator tool requires activation with a license file. Ensure that you have completed the following steps prior to logging in to your FortiCare product web portal:

  • Purchased FortiClient Registration License l Activated the FortiClient license on a FortiGate

This video explains how to purchase and apply a FortiClient License: http://www.youtube.com/watch?feature=player_embedded&v=sIkWaUXK0Ok This chapter contains the following sections:

  • Download the license file on page 110 l Prepare configuration files on page 111 l Create a custom installer on page 113 l Custom installation packages on page 120 l Advanced FortiClient profiles on page 121

Download the license file

To retrieve your license file:

  1. Go to https://support.fortinet.com and log in to your FortiCare account.
  2. Under Asset select Manage/View Products. Select the FortiGate device that has the FortiClient registration license activated. You will see the Get the Key File link in the Available Key(s) 110

 

Prepare configuration files

  1. Click the link and download license file to your management computer. This file will be needed each time you use the FortiClient Configurator tool.

Diagnostic Tool

Diagnostic Tool

You can access the FortiClient Diagnostic Tool from the FortiClient console. Go to Help > About.

You can use the FortiClient Diagnostic tool to generate a debug report, and then provide the debug report to the FortiClient team to help with troubleshooting. For example, if you are working with customer support on a problem, you can generate a debug report, and email the report to customer support to help with troubleshooting.

To generate debug reports:

  1. Go to Help > About.
  2. Click the Generate Debug Report icon in the top-right corner. The FortiClient Diagnostic Tool dialog box is displayed.
  3. Click Run Tool.

A window is displayed the provides status information.

Diagnostic Tool

  1. (Optional) When prompted, launch and disconnect the VPN tunnels for which you want to collect information. A Diagnostic_Result file is created and displayed in a folder on the endpoint device. The default folder location is C:\Users <username>\AppData\Local\Temp\.
  2. Click Close.

Settings

Settings

This section describes the available options on the File > Settings page for FortiClient in standalone mode.

In managed mode, options on the Settings page are configured in the FortiClient profile by using FortiGate/EMS.

Backup or restore full configuration

To backup or restore the full configuration file, select File > Settings from the toolbar. Expand the System section, then select Backup or Restore as needed. Restore is only available when operating in standalone mode.

When performing a backup, you can select the file destination, password requirements, and add comments as needed.

Signature updates

This setting can only be configured when FortiClient is in standalone mode.

To configure updates, select File > Settings from the toolbar, then expand the System section.

Select to either automatically download and install updates when they are available on the FortiGuard Distribution Servers, or to send an alert when updates are available.

In managed mode, you can select to use a FortiManager device for signature updates. When configuring the endpoint profile in EMS, select Use FortiManagerforclient software/signature updates to enable the feature and enter the IP address of your FortiManager device.

To configure FortiClient to use FortiManager for signature updates (EMS):

  1. On EMS, select an endpoint profile, then go to the System Settings
  2. Toggle the Use FortiManagerforclient software/signature update option to ON.
  3. Specify the IP address or hostname of the FortiManager device.
  4. Select Failoverto FDN when FortiManageris not available to have FortiClient receive updates from the FortiGuard Distribution Network when the FortiManager is not available.
  5. Select Save to save the settings.

Logging

To configure logging, select File > Settings from the toolbar then expand the Logging section.

Logging

VPN VPN logging is available when in standalone mode or in managed mode when FortiClient is connected to FortiGate/EMS.
Application Firewall Application Firewall logging is available in managed mode when FortiClient is connected to FortiGate/EMS.
AntiVirus Antivirus activity logging is available when in standalone mode or in managed mode when FortiClient is connected to FortiGate/EMS.
Web Security/Web Filter Web Security logging is available when in standalone mode. Web Filter logging is available in managed mode.
Update Update logging is available when in standalone mode or in managed mode when FortiClient is connected to FortiGate/EMS.
Vulnerability Scan Vulnerability Scan logging is available in managed mode when FortiClient is connected to FortiGate/EMS.
Log Level This setting can be configured when in standalone mode. When FortiClient is connected to FortiGate, this setting is set by the XML configuration (if configured).
Log File The option to export the log file (.log) is available when in standalone mode or in managed mode when FortiClient is connected to

FortiGate/EMS. The option to clear logs is only available when in standalone mode.

The following table lists the logging levels and description:

Logging Level Description
Emergency The system becomes unstable.
Alert Immediate action is required.
Critical Functionality is affected.
Error An error condition exists and functionality could be affected.
Warning Functionality could be affected.

Logging

Logging Level   Description
Notice   Information about normal events.
Information   General information about system operations.
Debug   Debug FortiClient.

It is recommended to use the debug logging level only when needed. Do not leave the debug logging level permanently enabled in a production environment to avoid unnecessarily consuming disk space.

Sending logs to FortiAnalyzer or FortiManager

To configure FortiClient to send logs to FortiAnalyzer or FortiManager, you require the following:

l FortiClient 5.2.0 or later l A FortiGate device running FortiOS 5.2.0 or later or EMS 1.0 or later l A FortiAnalyzer or FortiManager device running 5.0.7 or later

The connected FortiClient device can send traffic logs, vulnerability scan logs, and event logs to the log device on port 514 TCP.

Enable logging on the FortiGate device:

  1. On your FortiGate device, select Log & Report > Log Settings. The Log Settings window opens.
  2. Enable Send Logs to FortiAnalyzer/FortiManager.
  3. Enter the IP address of your log device in the IP Address You can select Test Connectivity to ensure your FortiGate is able to communicate with the log device on this IP address.
  4. Select Apply to save the setting.

Enable logging in the FortiGate FortiClient profile:

  1. Go to Security Profiles > FortiClient Profiles.
  2. Select the FortiClient Profile and select Edit from the toolbar. The Edit FortiClient Profile page opens.
  3. Enable Upload Logs to FortiAnalyzer.

VPN options

  1. Select either Same as System to send the logs to the FortiAnalyzer or FortiManager configured in the Log Settings, or Specify to enter a different IP address.
  2. In the Schedule field, select to upload logs Hourly or Daily.
  3. Select Apply to save the settings.

Once the FortiClient Profile change is synchronized with the client, you will start receiving logs from connected clients on your FortiAnalyzer/FortiManager system.

Alternatively, you can configure logging in the command line interface. Go to System > Dashboard > Status. In the CLI Console widget, enter the following CLI commands:

config endpoint-control profile edit <profile-name>

config forticlient-winmac-settings set forticlient-log-upload enable set forticlient-log-upload-server <IP address> set forticlient-log-upload-schedule {hourly | daily} set forticlient-log-ssl-upload {enable | disable} set client-log-when-on-net {enable | disable}

end

end

Enable logging in the EMS endpoint profile:

  1. On EMS, select an endpoint profile, then go to the System Settings
  2. Enable Upload Logs to FortiAnalyzer/FortiManager.
  3. Enable the type of logs to upload. Choose from traffic, vulnerability, and event.
  4. Enter the IP address or hostname, schedule upload (in minutes), and log generation timeout (in seconds).
  5. Select Save to save the settings.

VPN options

To configure VPN options, select File > Settings from the toolbar and expand the VPN section. Select Enable VPN before logon to enable VPN before log on.

This setting can only be configured when in standalone mode.

Certificate management

To configure VPN certificates, select File > Settings from the toolbar and expand the Certificate Management section. Select Use local certificate uploads (IPsec only) to configure IPsec VPN to use local certificates and import certificates to FortiClient.

This setting can only be configured when in standalone mode.

Antivirus options

To configure antivirus options, select File > Settings from the toolbar and expand the Antivirus Options section.

Advanced options

These settings can be configured only when FortiClient is in standalone mode.

Configure the following settings:

Grayware Options Grayware is an umbrella term applied to a wide range of malicious applications such as spyware, adware and key loggers that are often secretly installed on a user’s computer to track and/or report certain information back to an external source without the user’s permission or knowledge.
Adware Select to enable adware detection and quarantine during the antivirus scan.
Riskware Select to enable riskware detection and quarantine during the antivirus scan.
Scan removable media on

insertion

Select to scan removable media when it is inserted.
Alert when viruses are detected Select to have FortiClient provide a notification alert when a threat is detected on your personal computer. When Alert when viruses are detected under AntiVirus Options is not selected, you will not receive the virus alert dialog box when attempting to download a virus in a web browser.
Pause background scanning on battery power Select to pause background scanning when your computer is operating on battery power.
Enable FortiGuard Ana-

lytics

Select to automatically send suspicious files to the FortiGuard Network for analysis.

When connected to FortiGate/EMS, you can enable or disable FortiClient Antivirus Protection in the FortiClient profile.

Advanced options

To configure advanced options, select File > Settings from the toolbar and expand the Advance section.

These settings can be configured only when FortiClient is in standalone mode. When a FortiClient endpoint is connected to FortiGate/EMS, these settings are set by the XML configuration (if configured).

Single Sign-On mobility agent

Configure the following settings:

Enable WAN Optimization Select to enable WAN Optimization. You should enable only if you have a FortiGate device and your FortiGate is configured for WAN Optimization.

This setting can be configured when in standalone mode.

Maximum Disk Cache Size Select to configure the maximum disk cache size. The default value is 512MB.
Enable Single Sign-On mobility agent Select to enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator device.

This setting can be configured when in standalone mode.

Server address Enter the FortiAuthenticator IP address.
Customize port Enter the port number. The default port is 8001.
Pre-shared Key Enter the pre-shared key. The pre-shared key should match the key configured on your FortiAuthenticator device.
Disable proxy (troubleshooting only) Select to disable proxy when troubleshooting FortiClient.

This setting can be configured when in standalone mode.

Default tab Select the default tab to be displayed when opening FortiClient. This setting can be configured when in standalone mode.

Single Sign-On mobility agent

The FortiClient Single Sign-On (SSO) Mobility Agent is a client that updates FortiAuthenticator with user logon and network information.

FortiClient/FortiAuthenticator protocol

The FortiAuthenticator listens on a configurable TCP port. FortiClient connects to FortiAuthenticator using TLS/SSL with two-way certificate authentication. The FortiClient sends a logon packet to FortiAuthenticator, which replies with an acknowledgment packet.

FortiClient/FortiAuthenticator communication requires the following:

  • The IP address should be unique in the entire network. l The FortiAuthenticator should be accessible from clients in all locations.

Single Sign-On mobility agent

  • The FortiAuthenticator should be accessible by all FortiGates.

FortiClient Single Sign-On Mobility Agent requires a FortiAuthenticator running 2.0.0 or later, or v3.0.0 or later. Enter the FortiAuthenticator (server) IP address, port number, and the pre-shared key configured on the FortiAuthenticator.

Enable Single Sign-On mobility agent on FortiClient:

  1. Select File in the toolbar and select Settings in the drop-down menu.
  2. Select Advanced to view the drop-down menu.
  3. Select Enable Single Sign-On mobility agent.
  4. Enter the FortiAuthenticator server address and the pre-shared key.

This setting can be configured when in standalone mode. When connected to FortiGate, this setting is set by the XML configuration (if configured).

Enable FortiClient SSO mobility agent service on the FortiAuthenticator:

  1. Select Fortinet SSO Methods > SSO > General. The Edit SSO Configuration page opens.
  2. Select Enable FortiClient SSO Mobility Agent Service and enter a TCP port value for the listening port.
  3. Select Enable authentication and enter a secret key or password.
  4. Select OK to save the setting.

Enable FortiClient FSSO services on the interface:

  1. Select System > Network > Interfaces. Select the interface and select Edit from the toolbar. The Edit Network Interface window opens.
  2. Select the checkbox to enable FortiClient FSSO.
  3. Select OK to save the setting.

Configuration lock

To enable the FortiClient SSO Mobility Agent Service on the FortiAuthenticator, you must first apply the applicable FortiClient license for FortiAuthenticator. For more information, see the FortiAuthenticator Administration Guide in the Fortinet Document Library.

For information on purchasing a FortiClient license for FortiAuthenticator, please contact your authorized Fortinet reseller.

Configuration lock

To prevent unauthorized changes to the FortiClient configuration, select the lock icon located at the bottom left of the Settings page. You will be prompted to enter and confirm a password. When the configuration is locked, configuration changes are restricted and FortiClient cannot be shut down or uninstalled.

When the configuration is locked you can perform the following actions:

  • Compliance l Connect and disconnect FortiClient for Endpoint Control
  • Antivirus l Complete an antivirus scan, view threats found, and view logs l Select Update Now to update signatures
  • Web Security l View violations
  • Application Firewall l View applications blocked
  • Remote Access l Configure, edit, or delete an IPsec VPN or SSL VPN connection l Connect to a VPN connection
  • Vulnerability Scan l Complete a vulnerability scan of the system l View vulnerabilities found
  • Settings l Export FortiClient logs l Back up the FortiClient configuration

To perform configuration changes, or to shut down FortiClient, select the lock icon and enter the password used to lock the configuration.

FortiTray

When FortiClient is running on your system, you can select the FortiTray icon in the Windows system tray to perform various actions. The FortiTray icon is available in the system tray even when the FortiClient console is closed.

  • Default menu options: l Open FortiClient console FortiTray
  • Shut down FortiClient
  • Dynamic menu options, depending on configuration:
  • Connect to a configured IPsec VPN or SSL VPN connection l Display the antivirus scan window (if a scheduled scan is currently running) l Display the Vulnerability scan window (if a vulnerability scan is running)

If you hover the mouse cursor over the FortiTray icon, you will receive various notifications including the version, antivirus signature, and antivirus engine.

Connecting to VPN connections

To connect to a VPN connection from FortiTray, select the Windows System Tray and right-click in the FortiTray icon. Select the connection you wish to connect to, enter your username and password in the authentication window, then select OK to connect.

 

Web Security/Web Filter

Web Security/Web Filter

Web Security/Web Filter allows you to block, allow, warn, and monitor web traffic based on URL category or custom URL filters. URL categorization is handled by the FortiGuard Distribution Network (FDN). You can create a custom URL filter exclusion list which overrides the FDN category.

When a FortiClient endpoint is connected to FortiGate/EMS, the Web Security tab becomes the Web Filter tab in the FortiClient console.

Enable/disable Web Security/Web Filter

For FortiClient in standalone mode, you can enable, disable, and configure web security by using the FortiClient console. You can define what sites are allowed, blocked, or monitored, and you can view violations.

For FortiClient in managed mode, an administrator enables, disables, and configures Web Filter by using a FortiClient profile. See FortiClient profiles on page 29.

Enable/disable Web Security

This setting can only be configured when FortiClient is in standalone mode.

To enable or disable Web Security:

  1. On the Web Security tab, toggle the Enable/Disable link in the FortiClient console. Web Security is enabled by default.

The following options are available:

Enable/Disable Select to enable or disable Web Security.

Configure Web Security profiles

X Violations (In the Last 7 Days) Select to view Web Security log entries of the violations that have occurred in the last 7 days.
Settings Select to configure the Web Security profile, exclusion list, and settings, and to view violations.

Enable/disable Web Filter

This setting can only be configured when FortiClient is in managed mode. When FortiClient is connected to a FortiGate/EMS, the Web Security tab will become the Web Filter tab.

A FortiClient profile can include a Web Filter profile from a FortiGate or EMS.

On a FortiGate device, the overall process is as follows:

l Create a Web Filter profile on the FortiGate, l Add the Web Filter profile to the FortiClient Profile on the FortiGate.

On EMS, web filtering is part of the endpoint profile.

Configure Web Security profiles

This setting can only be configured when FortiClient is in standalone mode.

You can configure a Web Security profile to allow, block, warn, or monitor web traffic based on website categories and sub-categories.

Edit Web Security exclusion lists                                                                             Web Security/Web Filter

To configure web security profiles:

  1. On the Web Filter tab, click the Settings
  2. Click a site category.
  3. Click the Action icon, and select an action in the drop-down menu.

The following actions are available:

Allow Set the category or sub-category to Allow to allow access.
Block Set the category or sub-category to Block to block access. The user will receive a Web Page Blocked message in the web browser.
Warn Set the category or sub-category to Warn to block access. The user will receive a Web Page Blocked message in the web browser. The user can select to proceed or go back to the previous web page.
Monitor Set the category or sub-category to Monitor to allow access. The site will be logged.

You can select to enable or disable Site Categories in the Web Security settings page. When site categories are disabled, FortiClient is protected by the exclusion list.

  1. Click OK.

Edit Web Security exclusion lists

This setting can only be configured when FortiClient is in standalone mode.

You can add websites to the exclusion list and set the permission to allow, block, monitor, or exempt.

Edit Web Security exclusion lists

To manage the exclusion list:

  1. On the Web Security tab, click the Settings
  2. Click the Exclusion List
  3. Click the Add icon to add URLs to the exclusion list.

If the website is part of a blocked category, an allow permission in the Exclusion List would allow the user to access the specific URL.

  1. Configure the following settings:
Exclusion List Select to exclude URLs that are explicitly blocked or allowed. Use the add icon to add URLs and the delete icon to delete URLs from the list. Select a URL and select the edit icon to edit the selection.
URL Enter a URL or IP address.
Type Select one of the following pattern types from the drop-down list:

l Simple l Wildcard l RegularExpression

Actions Select one of the following actions from the drop-down list:

Block: Block access to the web site regardless of the URL category or sub-category action.

Allow: Allow access to the web site regardless of the URL category or sub-category action.

Monitor: Allow access to the web site regardless of the URL category or sub-category action. A log message will be generated each time a matching traffic session is established.

  1. Click OK.

Configure Web Security settings                                                                             Web Security/Web Filter

Configure Web Security settings

This setting can only be configured when FortiClient is in standalone mode.

To configure web security settings:

  1. On the Web Security tab, click the Settings icon
  2. Click the Settings
  3. Configure the following settings:
Enable Site Categories Select to enable Site Categories. When site categories are disabled, FortiClient is protected by the exclusion list.
Log all URLs Select to log all URLs.
Identify user initiated web browsing Select to identify web browser that is user initiated.
  1. Click OK.

View violations

This section applies to FortiClient in standalone mode and managed mode.

To view Web Security violations:

  1. On the Web Security tab, click the Settings

Alternately, you can click the X Violations (In the Last 7 Days) link.

  1. Click the Violations

View violations

The following information is displayed.

Website The website name or IP address.
Category The website sub-category.
Time The date and time that the website was accessed.
User The name of the user generating the traffic. Hover the mouse cursor over the column to view the complete entry in the pop-up bubble message.
  1. Click Close.

 

Antivirus

Antivirus

FortiClient includes an antivirus module to scan system files, executable files, removable media, dynamic-link library (DLL) files, and drivers. FortiClient will also scan for and remove rootkits. In FortiClient, file-based malware, malicious websites, phishing, and spam URL protection are part of the antivirus module. Scanning can also be extended by using FortiSandbox.

Enable/disable realtime protection

For FortiClient in standalone mode, you can enable and disable realtime protection by using the FortiClient console.

For FortiClient in managed mode, an administrator enables, disables, and configures realtime protection by using a FortiClient profile. See FortiClient profiles on page 29.

Enable/disable Antivirus

This setting can only be configured when FortiClient is in standalone mode.

To enable Antivirus:

  1. On the AntiVirus tab, click the settings icon next to Realtime Protection Disabled. The real-time protection settings page opens.
  2. Select the Scan files as they are downloaded orcopied to my system check box.
  3. Click OK.

If you have another antivirus program installed on your system, FortiClient will show a warning that your system may lock up due to conflicts between different antivirus products.

Conflicting antivirus warning

To disable antivirus:

  1. On the AntiVirus tab, click the settings icon next to Realtime Protection Enable. The real-time protection settings page opens.

Enable/disable realtime protection

  1. Clear the Scan files as they are downloaded orcopied to my system check box, and click OK.

Enable/disable FortiSandbox

This setting can only be configured when FortiClient is in standalone mode.

FortiClient integration with FortiSandbox allows you to submit files to FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they cannot be detected by the local, real-time scanning. Access to the downloaded file is blocked until the scanning result is returned.

As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time and on-demand AV scanning.

You cannot configure this option when FortiClient is connected to FortiGate/EMS. The administrator configures this option on FortiGate/EMS.

To enable FortiSandbox:

  1. On the AntiVirus tab, select the settings icon to open the real-time protection settings page.
  2. Select Extend scanning using FortiSandbox.
  3. Enter the FortiSandbox IP address, then select Test to ensure that the connection is correct.

 

Scan and analysis on demand

  1. Set the remaining options as needed.
  2. Click OK to apply your changes.